In order to verify the certificates presented by the peer, trusted CA
certificates must be accessed. These CA certificates are made available
via lookup methods, handled inside the X509_STORE. From the X509_STORE
the X509_STORE_CTX used when verifying certificates is created.

Typically the trusted certificate store is handled indirectly via using
SSL_CTX_load_verify_locations(3).
Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions
it is possible to manipulate the X509_STORE object beyond the
SSL_CTX_load_verify_locations(3)
call.

Currently no detailed documentation on how to use the X509_STORE
object is available. Not all members of the X509_STORE are used when
the verification takes place. So will e.g. the verify_callback() be
overridden with the verify_callback() set via the
SSL_CTX_set_verify(3) family of functions.
This document must therefore be updated when documentation about the
X509_STORE object and its handling becomes available.